This post is pretty much a carbon copy of my last post on file based authentication except for the AD specific instructions.

ThoughtWorks Cruise is a compelling option for continuous integration. Even more compelling is that they offer a free version (Although their recent marketing has been somewhat ambiguous on this, see here for more info). Setting up Cruise with Active Directory authentication is fairly simple but hopefully this post will expand on the AD setup.

1) Download the latest version of the Cruise Server and Cruise Agent here. Fill out the form and you will be redirected to a download page. You will also be emailed a license that is good for a year. You will have to renew this license every year. From what I have been told, your Cruise server will not stop working after a year, but you will not be able to make any changes to your pipelines until you have an updated license. Kind of a pain but I think it's worth it for a free product.

2) Install both the Cruise Server and Cruise Agent. The Cruise server coordinates the builds and the Cruise Agent actually performs tasks. So you could potentially have multiple agents on multiple servers which are handling build tasks in parallel. The free version only allows you to install agents on the same machine as the Cruise Server. The simplest Cruise install is Cruise Server and 1 Cruise Agent.

3) Enter your license key. Open the administrative control panel, either by browsing to http://localhost:8153 or by double-clicking the icon on your desktop. The control panel can also be accessed over SSL on port 8154: https://localhost:8154. This will redirect to the about page, where you will need to enter your license information. You should have received a user name and license key by email. Enter the user name (called "Licensee" in the email), paste the license key into the appropriate box and press "Save license".

5) Set the Active Directory information in the Cruise configuration. Click on the "ADMINISTRATION" tab in the Cruise control panel, then the "Source XML" sub tab. Here you will see the XML configuration for Cruise. Click the "Edit" button at the top of the file to make the textbox editable. Now add the following "security" section to the configuration:

<?xml version="1.0" encoding="utf-8"?>
<cruise ... >
  <server artifactsdir="logs">
    ...
    <security>
      <ldap
        uri="ldap://MyADServer"
        managerDn="MyDomain\MyADUser"
        managerPassword="P@$$W0rd"
        searchBase="CN=Users, DC=intranet, DC=mycompany, DC=com"
        searchFilter="(sAMAccountName={0})" />
    </security>
    ...
  </server>
  ...
</cruise>

The following is an explanation of the settings:

uri: This is simply a server running AD specified as an ldap url. So if your AD server is "AD1" then it would be "ldap://AD1".

managerDn and managerPassword: This is an AD account that is able to query the AD server. You can create a domain account that is in the "Domain Users" group (Which is the default for new domain users) and this will do the trick, no special permissions needed.

searchBase: This is the starting point in Active Directory to look for users to authenticate. It is read from right to left, from the most general component to the most specific (the opposite of a URI). If your domain is "intranet.mycompany.com" then each sub domain will be specified separately as its own DC component, as shown above (reading from left to right). If you have a really simple domain setup, all of your users will probably be in the "Users" container identified by "CN". If your setup is more organized, then users will be placed in organizational units. So for example, let's say we have an organizational unit under the domain in our example called "MyCompanyInc" and another organizational unit under that called "Developers", and you only want users in that organizational unit to access Cruise. In that case the searchBase would be "OU=Developers, OU=MyCompanyInc, DC=intranet, DC=mycompany, DC=com".

searchFilter: This is the search criteria, the simplest being a match on the username (as shown above and in the docs).

Click the save button and browse to another page in the admin. At this point you should be greeted with a login page.
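
An added example (not from the original post and not Cruise's own code): a small Python check that can be run against the "security" section before saving it, covering the settings explained above. The sample config is constructed with placeholder values and the function names are hypothetical. The filter expansion follows RFC 4515 escaping and only illustrates how a login name would replace {0}; how Cruise performs that substitution internally is not shown on this page.

```python
import xml.etree.ElementTree as ET
# Constructed sample mirroring the <security> section above; all values are placeholders.
SAMPLE = r"""<cruise>
  <server artifactsdir="logs">
    <security>
      <ldap uri="ldap://MyADServer" managerDn="MyDomain\MyADUser"
            managerPassword="placeholder"
            searchBase="OU=Developers, OU=MyCompanyInc, DC=intranet, DC=mycompany, DC=com"
            searchFilter="(sAMAccountName={0})" />
    </security>
  </server>
</cruise>"""
REQUIRED = ("uri", "managerDn", "managerPassword", "searchBase", "searchFilter")

def split_dn(dn):
    """Split a simple DN (no escaped commas) into (type, value) pairs, leftmost first."""
    pairs = []
    for rdn in dn.split(","):
        key, sep, value = rdn.strip().partition("=")
        if not (sep and key.strip() and value.strip()):
            raise ValueError("malformed RDN: %r" % rdn)
        pairs.append((key.strip().upper(), value.strip()))
    return pairs

def domain_of(dn):
    """DC=intranet, DC=mycompany, DC=com -> intranet.mycompany.com"""
    return ".".join(value for key, value in split_dn(dn) if key == "DC")

def expand_filter(search_filter, username):
    """Substitute {0} after escaping RFC 4515 special characters in the login name."""
    escaped = username.replace("\\", "\\5c")
    for ch, esc in (("*", "\\2a"), ("(", "\\28"), (")", "\\29"), ("\x00", "\\00")):
        escaped = escaped.replace(ch, esc)
    return search_filter.replace("{0}", escaped)

def check_ldap_config(xml_text):
    """Return a list of problems found in the <ldap> element of a Cruise config."""
    ldap = ET.fromstring(xml_text).find("./server/security/ldap")
    if ldap is None:
        return ["no <ldap> element under <server>/<security>"]
    problems = ["missing attribute: " + a for a in REQUIRED if not ldap.get(a)]
    if ldap.get("uri", "").lower().startswith("ldap://"):
        problems.append("uri scheme is ldap:// (no implicit TLS)")
    flt = ldap.get("searchFilter", "")
    if "{0}" not in flt or not (flt.startswith("(") and flt.endswith(")")):
        problems.append("searchFilter must be parenthesised and contain {0}")
    if ldap.get("searchBase") and not domain_of(ldap.get("searchBase")):
        problems.append("searchBase has no DC components")
    return problems
```

Running check_ldap_config(SAMPLE) returns a single finding for the ldap:// scheme, and domain_of() confirms that the DC components of searchBase spell out the intended domain.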